Strictly speaking, I didn't do the math and verify (since you specified
"for example") the IP net block against your example subnet mask.  You
specified .248 as your mask before, now you're indicating it as /24
mask.  Whichever it is, the point was this:

If the ISP has assigned you a two-host subnet for the ADSL connection to
them (Just like a Point-to-Point T1), and they've also assigned you a
block of 8 addresses (1 used for Net boundary, 1 used for Broadcast, 1
used for the Router, 5 used for whatever you feel like), then you would
follow the suggestions for addressing that I laid out.

If you were assigned full Class C addresses for either the DSL
Connection OR the "Client" Public block (which represents hosts like
your WebServer via NAT), then simply put the /24 mask on each interface.
For the ADSL connection itself though, that would be a gross waste of
addresses.

Also, if you were given TWO Class C blocks, then you could simply put
one IP from the first block on your Dialer Interface, one IP from the
same block on the Ethernet0 Interface, and one IP from the same block on
the Outside Interface of the PIX.  You'd then put 1 IP address from the
second block on the Inside interface, and DHCP/STATIC Assign the rest of
that block to any host on the Inside network (alternatively, if you had
a PIX that had the DMZ NIC, you could put the second block on that, but
the address assignment still applies in practice).  This would work for
the application of your web server hosting a max of 253 Unique
.com/.net/.org/.whatever websites, each with its own unique public
address (you can assign a whole class C to a single NIC).  This would,
of course, be a waste of addresses if your web server is only hosting a
couple of websites and you don't even have a LAN that uses all 254
addresses of that second public block.

Doing Double-NAT is only really necessary (from my limited experience)
for situations where you are trying to connect two LANs together that
were previously numbered with the same net block/mask, i.e., LAN A and
LAN B are on the 172.16.30.x/24 network.  You have to introduce an
additional router/firewall into the mix on ONE of the ends to make the
connection work (whether it be GRE Tunneling from LAN to LAN, VPN Tunnel
from LAN to LAN, etc.).

I'm quite sure others will expand on or correct me where I'm not hitting
the mark :)

-Mark

-----Original Message-----
From: dlci dlci [mailto:[EMAIL PROTECTED] 
Sent: Friday, February 21, 2003 4:25 AM
To: [EMAIL PROTECTED]
Subject: RE: ADSL and PIX puzzle [7:63498]

I would like to thank everyone who helped out with my Pix horror picture
show.
This has aroused some possibilities where previously I couldn't, let's say,
"see the trees from the forest" (or is it the other way around ;)
However this has also brought up some questions about all your
suggestions.

..the story so far:
Network number: 200.10.10.136/30
So I use 200.10.10.138 255.255.255.0 since provider uses the other
available IP

Public IPs: 200.10.15.184/29
webserver is 200.10.15.189

Ok, following Mark's tip I would put 200.10.10.138 255.255.255.0 on
Dialer int.
Mark then suggests "Put 200.10.15.184/29 on the Ethernet0 of the DSL
Router..."
and "Put 200.10.15.185/29 on the PIX Outside Interface..."

umm, the IP on eth0 is my network number for public IP space, so,
shouldn't eth0 on router be 200.10.15.185/24 ? If so wouldn't I be
wasting 1 IP to get to the pix?

Albert Lu suggests using ip unnumbered eth0, on the Dialer int,
ok, then if I use 200.10.10.138/24 on eth0 on the router (ISP uses the
other available IP)
what other IP could I use on the pix eth0 (interface directly connected
to router's eth0)?

Why wouldn't I want to use NAT on both router and pix, and go with Kent
Hundley's suggestion?

Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=63518&t=63498
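
The addressing questions in this thread can be checked mechanically. The following is an added example, not part of either message: it runs Python's `ipaddress` module over the two blocks quoted above. The function names and the `ALTERNATIVE` layout are assumptions constructed for illustration.

```python
import ipaddress

def check_plan(block, assignments):
    """Return {label: [problems]} for "address/prefix" entries in an assigned block."""
    net = ipaddress.ip_network(block)
    seen, report = {}, {}
    for label, cidr in assignments.items():
        iface = ipaddress.ip_interface(cidr)
        problems = []
        if iface.ip not in net:
            problems.append(f"outside {net}")
        else:
            if iface.network != net:
                problems.append(
                    f"mask /{iface.network.prefixlen} does not match /{net.prefixlen}")
            if iface.ip == net.network_address:
                problems.append("is the network address")
            elif iface.ip == net.broadcast_address:
                problems.append("is the broadcast address")
        if iface.ip in seen:
            problems.append(f"duplicates {seen[iface.ip]}")
        seen.setdefault(iface.ip, label)
        report[label] = problems
    return report

def free_hosts(block, assignments):
    """Usable host addresses in the block that no entry has claimed yet."""
    net = ipaddress.ip_network(block)
    used = {ipaddress.ip_interface(c).ip for c in assignments.values()}
    return [str(h) for h in net.hosts() if h not in used]

# Blocks and addresses as quoted in the thread.
LINK, PUBLIC = "200.10.10.136/30", "200.10.15.184/29"
DIALER = {"Dialer": "200.10.10.138/24"}            # 255.255.255.0 on a /30 link
QUOTED = {"router Ethernet0": "200.10.15.184/29",
          "PIX outside": "200.10.15.185/29"}
# Constructed layout (assumption): shift router and PIX up by one host,
# keep the web server's public address from the thread.
ALTERNATIVE = {"router Ethernet0": "200.10.15.185/29",
               "PIX outside": "200.10.15.186/29",
               "webserver (static NAT)": "200.10.15.189/29"}

if __name__ == "__main__":
    for block, plan in ((LINK, DIALER), (PUBLIC, QUOTED), (PUBLIC, ALTERNATIVE)):
        for label, problems in check_plan(block, plan).items():
            print(f"{block:18} {label:24} {', '.join(problems) or 'ok'}")
    print("still free in", PUBLIC, "->", free_hosts(PUBLIC, ALTERNATIVE))
```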